Improper access control in GitLab Enterprise Edition and GitLab Community Edition - CVE-2026-6552

Published: June 11, 2026 / Updated: June 12, 2026


Vulnerability identifier: #VU134371
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-6552
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc.
Affected software:
GitLab Enterprise Edition
GitLab Community Edition

Detailed vulnerability description

The vulnerability allows a remote user to take over another user's GitLab account.

The vulnerability exists due to improper access control in the group SAML identity management functionality, specifically when group SAML identities are managed through the Group SAML Identity API. A group SAML identity is the link between an identity provider account and a GitLab user, so a flaw in who may manage these links bears directly on account ownership. A remote user who already holds high privileges (PR:H in the CVSS vector above) can exploit the authorization flaw to take over another user's GitLab account.

The issue occurs only under certain conditions and is tied to the group Owner role.
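The advisory does not describe the exploit, so the practical check an operator can run is to watch the bindings that the Group SAML Identity API manages. The script below is an added example, not code from the page or from GitLab: it assumes the documented list endpoint path `GET /api/v4/groups/:id/saml/identities` (returning JSON objects with `extern_uid` and `user_id`, readable by a group Owner), and it assumes that misuse of the identity API would show up as a change in which GitLab user a given `extern_uid` resolves to. The snapshots embedded in the block are constructed sample data; `fetch_group_saml_identities` is provided for live use and is not called by the offline demo.

```python
"""Audit helper: diff two snapshots of a group's SAML identity bindings.

Added example for CVE-2026-6552; not part of the advisory or of GitLab.
"""
import json
import urllib.request
from collections import defaultdict

# Constructed sample snapshots shaped like the documented API response
# (assumption: a JSON list of {"extern_uid": ..., "user_id": ...}).
BASELINE = [
    {"extern_uid": "alice@example.com", "user_id": 101},
    {"extern_uid": "bob@example.com", "user_id": 102},
    {"extern_uid": "carol@example.com", "user_id": 103},
]
CURRENT = [
    {"extern_uid": "alice@example.com", "user_id": 101},
    # bob's IdP subject now resolves to a different GitLab user
    {"extern_uid": "bob@example.com", "user_id": 999},
    {"extern_uid": "carol@example.com", "user_id": 103},
    # a second IdP subject has been attached to carol's account
    {"extern_uid": "mallory@example.com", "user_id": 103},
]


def fetch_group_saml_identities(base_url, group_id, token):
    """Fetch the live identity list (assumed endpoint path, see lead-in).

    The caller must hold the Owner role on the group. The personal access
    token is sent in the PRIVATE-TOKEN header used by the GitLab REST API.
    """
    url = f"{base_url.rstrip('/')}/api/v4/groups/{group_id}/saml/identities"
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_saml_bindings(baseline, current):
    """Compare two snapshots and return findings as (kind, key, before, after).

    kinds:
      rebound     - an extern_uid now maps to a different user_id
      added       - an extern_uid that was not in the baseline
      removed     - an extern_uid that disappeared
      shared_user - one user_id reachable through several extern_uids
    Assumption: these are the changes a takeover via identity management
    would leave behind; the advisory itself does not spell this out.
    """
    base = {i["extern_uid"]: i["user_id"] for i in baseline}
    cur = {i["extern_uid"]: i["user_id"] for i in current}
    findings = []

    for uid, user in cur.items():
        if uid not in base:
            findings.append(("added", uid, None, user))
        elif base[uid] != user:
            findings.append(("rebound", uid, base[uid], user))

    for uid, user in base.items():
        if uid not in cur:
            findings.append(("removed", uid, user, None))

    # Several IdP subjects resolving to one GitLab user is worth a look even
    # when nothing changed since the baseline.
    by_user = defaultdict(list)
    for uid, user in cur.items():
        by_user[user].append(uid)
    for user, uids in by_user.items():
        if len(uids) > 1:
            findings.append(("shared_user", ",".join(sorted(uids)), None, user))

    # Sort on the string fields only; before/after may be None.
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for kind, key, before, after in audit_saml_bindings(BASELINE, CURRENT):
        print(f"{kind:12} {key:45} {before} -> {after}")
```

Take the baseline snapshot once the vendor update is installed and re-run the comparison on a schedule; a `rebound` finding means an identity provider login that used to land in one GitLab account now lands in another, which is exactly the outcome the advisory warns about.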


How to mitigate CVE-2026-6552

Install the security update from the vendor's website. Until it is applied, keep the group Owner role, the privilege level this advisory ties to the issue, limited to accounts that need it.

Sources